How to repair corrupt AD user account

We have an issue where we have some corrupt AD user accounts. we noticed it when we tried to log into our domain and the desktop locked up. At first we thought it was a corrupt windows user profile but when we deleted the profile and tried to log back into the computer, we experienced the same issue

When we logged into the computer with another user account it worked fine. When we deleted the corrupt user account from AD and recreated it, it work just fine.

The main issue that we have is that we cannot delete all of the user accounts because it would be dissruptive and a pain to move all of the exchange mailboxes

I've never seen this behaviour before, have you considered that a specific group membership was causing this problem?

The user account is only used to pass logon credentials to AD and then AD sends back the membership tokens for the groups that this user is a member of.

When re-creating the user, did you put all the same group memberships back on the user account?

Another quick test, is to clone/copy one of the corrupt accounts to a new user account and then test if it does the same. If yes, remove all group membership on this account and try again.
P.S. This is only for testing purposes.

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…

Do you have users whose passwords are expiring and they are constantly calling you? Well I sure did and needed a way to put an end to this. We have a lot of remote users which would not be notified that their passwords were expiring since they wer…

This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …